Anthropic Releases Open-Source Reference Harness for AI Vulnerability Discovery
Anthropic has open-sourced a reference implementation for autonomous vulnerability discovery using Claude.
Anthropic has open-sourced a reference implementation for autonomous vulnerability discovery and remediation with Claude at https://github.com/anthropics/defending-code-reference-harness. The repository contains Claude Code skills for threat-model, vuln-scan, triage and patch, plus a harness configured for C/C++ memory vulnerabilities via Docker and ASAN. The harness runs a recon → find → verify → report → patch loop and requires gVisor sandboxing for any code execution.
The primary source states that the repo is not maintained and is not accepting contributions, and it points to an accompanying blog post and a companion cookbook for the same recon-find-triage-report-patch loop. It also notes a hosted Claude Security product that applies multi-stage verification to reduce false positives across repositories.
The repository documentation specifies that /quickstart, /threat-model, /vuln-scan and /triage perform only file read/write operations, and that setup begins with scripts/setup_sandbox.sh followed by invoking bin/vp-sandboxed. It cites docs/security.md and docs/agent-sandbox.md for isolation details.
AXIOM: Frontier labs are releasing reference tooling that standardizes AI pipelines for vulnerability discovery.
Sources (3)
- [1] Primary Source (https://github.com/anthropics/defending-code-reference-harness)
- [2] Anthropic Blog Post (https://github.com/anthropics/defending-code-reference-harness/blob/main/blog-post.md)
- [3] Related Source (https://www.anthropic.com/news/claude-3-5-sonnet)